pulumi-community #aws

tall-photographer-1935

08/09/2022, 5:05 PM

When doing a

StackReference

for an s3 bucket, how do you reference the other stack? I have an example where i have one bucket but two folders: s3://bucket/vpc/.pulumi/stacks/ s3://bucket/kubernetes/.pulumi/stacks/ I want to reference the outputs from the vpc folder in my kubernetes folder code. I've tried various ways, mostly like:

network_stack_ref = pulumi.StackReference("vpc/dev_vpc")

with no luck

victorious-dusk-75271

08/10/2022, 7:35 AM

Copy code

aws:ec2:VpcPeeringConnection (primary-eks-vpc-peer-to-us-eks-vpc):
    error: 1 error occurred:
        * creating urn:pulumi:dev::allrites-infrastructure::custom:resource:vpc$aws:ec2/vpcPeeringConnection:VpcPeeringConnection::primary-eks-vpc-peer-to-us-eks-vpc: 1 error occurred:
        * Unable to modify EC2 VPC Peering Connection Options. EC2 VPC Peering Connection (pcx-031d18fcc4929fecd) is not active (current status: pending-acceptance). Please set the `auto_accept` attribute to `true` or activate the EC2 VPC Peering Connection manually.

victorious-dusk-75271

08/10/2022, 7:35 AM

any idea why i am getting this error?

victorious-dusk-75271

08/10/2022, 7:36 AM

i have accepter setup

victorious-dusk-75271

08/10/2022, 7:36 AM

Copy code

new aws.ec2.VpcPeeringConnectionAccepter(`${this.name}-peer-to-${peerName}-accepter`, {
            vpcPeeringConnectionId: peering.id,
            autoAccept: true,
            tags: { ...this.baseTags, Name: `${this.name} VPC connection accepter`, Side: 'Accepter' }
        }, { provider: args.peerVpc.opts.provider, parent: this })

ambitious-agent-35343

08/10/2022, 8:36 AM

Anyone familiar with adding ECR credentials/secret as in imagePullSecrets with a Pulumi deployment?

little-cartoon-10569

08/11/2022, 10:58 PM

Would anyone know which library creates this error message? I know the restriction is at the AWS API, but I can't find the source code for the message anywhere.

Copy code

error: could not make instance of 'aws:elasticache/replicationGroup:ReplicationGroup': name 'really-long-name-that-causes-this-error-' plus 7 random chars is longer than maximum length 40

Wondering if it comes from Pulumi core, Pulumi AWS, code generated from the TF schema, or something else...

victorious-dusk-75271

08/12/2022, 6:56 AM

any idea what causing this? i am using pulumi.random and the result of that is

DFpSfUijK8

Copy code

error: deleting urn:pulumi:dev::allrites-infrastructure::custom:component:rds:globaldb$aws:rds/cluster:Cluster::globaldb-cluster: 1 error occurred:
        * error deleting RDS Cluster (tf-20220812010823122500000001): InvalidParameterValue: The parameter DBClusterSnapshotIdentifier is not a valid identifier. Identifiers must begin with a letter; must contain only ASCII letters, digits, and hyphens; and must not end with a hyphen or contain two consecutive hyphens.
        status code: 400, request id: 92d6a0f5-2c7d-45d7-b094-bf9d91838c77

bitter-france-47214

08/12/2022, 12:00 PM

apigateway

lambda

invocation

Code In the code, I am using

pulumi.interpolate

and

signup.invokeArn

to setup the apigateway integration with the lambda defined further up. Though, I am getting an Error (see below) and don't know why. Can anybody help?

Copy code

const signup = new aws.lambda.Function("sign-up", { ... });


const api = new aws.apigateway.RestApi("freedev-api", {
  body: JSON.stringify({
    ...
    paths: {
      ...
      "x-amazon-apigateway-integration": {
        httpMethod: "POST",
        type: "AWS_PROXY",
        uri: pulumi.interpolate `arn:aws:apigateway:eu-central-1:lambda:path/2015-03-31/functions/${signup.invokeArn}/invocations`,
       },

Error

Copy code

Error creating API Gateway Deployment: BadRequestException: No integration defined for method

breezy-laptop-42679

08/12/2022, 2:28 PM

while defining security group id iam getting an error : Object is possibly 'undefined'. here is the example code I have to edit :

breezy-laptop-42679

08/12/2022, 2:29 PM

Copy code

const allowPostgresSgRule =
      env === 'prod' &&
      tfCCCRdsPostgresSg &&
      new aws.ec2.SecurityGroupRule('ccc-postgres-access-rule', {
        type: 'ingress',
        fromPort: 5432,
        toPort: 5432,
        protocol: 'tcp',
        sourceSecurityGroupId: sg.id,
        securityGroupId: tfCCCRdsPostgresSg.id,
      });
   // NOTE: Sunguard GP VPN
   const allowLocalAccessGPSgRule = new aws.ec2.SecurityGroupRule('allow-gp-access-rule', {
    type: 'ingress',
    fromPort: 5432,
    toPort: 5432,
    protocol: 'tcp',
    cidrBlocks: ['XXX.XX.0.0/19'],
    securityGroupId: XXXXXRdsPostgresSg.id,
  });
  // NOTE: Bethpage GP VPN
  const allowLocalAccessGPBPSgRule = new aws.ec2.SecurityGroupRule('allow-gp-bp-access-rule', {
    type: 'ingress',
    fromPort: 5432,
    toPort: 5432,
    protocol: 'tcp',
    cidrBlocks: ['XXX.XX.X.0/24'],
    securityGroupId: XXXXRdsPostgresSg.id,
  });

breezy-laptop-42679

08/12/2022, 2:30 PM

need to change our security group rules to allow traffic from the CIDR block for GlobalProtect.

cool-football-2937

08/12/2022, 7:16 PM

Hi folks! We are using

pulumi==3.37.2

pulumi-aws==4.38.1

pulumi-docker==3.0.0

and

python==3.7

. While running

pulumi up

and trying to create a docker image using

DockerBuild()

function of

pulumi-docker

it errors out giving the following message:

error: Program failed with an unhandled exception:

error: Traceback (most recent call last):

File "C:\ProgramData\chocolatey\lib\pulumi\tools\Pulumi\bin\pulumi-language-python-exec", line 107, in <module>

loop.run_until_complete(coro)

File "C:\Users\mbillah\Miniconda3\envs\pcty_nlp_platform\lib\asyncio\base_events.py", line 583, in run_until_complete

return future.result()

Would really appreciate some information about what is causing this and how it can be resolved.

👍 1

victorious-memory-43562

08/13/2022, 7:15 PM

Does anyone know how I can set up the apigateway custom DomainName when my route 53 hosted zone & ACM cert for that domain are in a different account in the same organization? I’m reading this and am struggling figuring out how to do this with Pulumi

victorious-dusk-75271

08/15/2022, 11:51 AM

does anyone know what this error mean? i am using @pulumi/eks

Copy code

Diagnostics:
  eks:index:VpcCni (primary-eks-eks-cluster-vpc-cni):
    error: Command failed: kubectl apply -f /tmp/tmp-12985ZDmsHqyDJ692.tmp

    An error occurred (ValidationError) when calling the AssumeRole operation: urn:pulumi:dev::allrites-infrastructure::pulumi:providers:aws::apRegion is invalid
    Unable to connect to the server: getting credentials: exec: executable aws failed with exit code 254

  pulumi:pulumi:Stack (allrites-infrastructure-dev):
    An error occurred (ValidationError) when calling the AssumeRole operation: urn:pulumi:dev::allrites-infrastructure::pulumi:providers:aws::apRegion is invalid
    An error occurred (ValidationError) when calling the AssumeRole operation: urn:pulumi:dev::allrites-infrastructure::pulumi:providers:aws::apRegion is invalid

    An error occurred (ValidationError) when calling the AssumeRole operation: urn:pulumi:dev::allrites-infrastructure::pulumi:providers:aws::apRegion is invalid
    Unable to connect to the server: getting credentials: exec: executable aws failed with exit code 254

    error: update failed

ambitious-father-68746

08/15/2022, 5:05 PM

Hi, I'm trying to understand the benefits of using pulumi/eks instead of pulumi/aws/eks, but so far I don't really understand why I would want to use it. Can anyone enlighten me? Thank you

rough-jewelry-40643

08/15/2022, 7:44 PM

Hi all, I have a dumb question. I am trying to set up task autoscaling as part of an ECS fargate hosted service. I can find the documents on setting up autoscaling for Ec2's running with ECS but not for the task autocaling. Can some one point me to the docs?

polite-window-12946

08/16/2022, 5:48 PM

Is there a place where we can see where the awsx typescript version 1.0 will come out of beta? in the meantime is it recommended to use that or the 0.40 release, since the live docs point to the beta but everything else seems to be using 0.40?

big-potato-91793

08/17/2022, 12:33 AM

Hey, we were in the process of upgrading our dependencies of the aws provider to the latest. But everytime we do this we start having weird behaviour and getting

an unhandled error occurred: Program exited with non-zero exit code: -1

Is there any idea what we should be looking into?

victorious-dusk-75271

08/17/2022, 5:32 AM

Does anyone know how to solve this problem?

Copy code

aws:ec2:Eip (us-data-vpc-nat-1):
    error: deleting urn:pulumi:dev::allrites-infrastructure::custom:resource:vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/eip:Eip::us-data-vpc-nat-1: 1 error occurred:
        * AuthFailure: You do not have permission to access the specified resource.
        status code: 400, request id: 3cedd0dd-f987-4eac-9c2b-ff179af491c2

ambitious-umbrella-20232

08/17/2022, 2:35 PM

Hey all, does anyone know if it's possible to pass

pulumi up

a different

aws:profile:

value during the cli run that doesn't overwrite the value in the stack file? So like in my stack file I have this:

Copy code

config:
  aws:profile: staging
  aws:region: us-east-2

Where

staging

corresponds to one of my named profiles in my

~/.aws/config

file. But if someone else pulls down this code and tries to run it and their config file uses a different name for their keys to the same account can they pass a flag to

pulumi up

to point it there only during that run? I tried using the

-c

flag but it looks like that overwrites the stack file value. And yes I know this should be done all within a CICD pipeline, we're working on it 🙂

billowy-horse-79629

08/17/2022, 2:38 PM

Hey all, I’m deploying a new AWS WAF for my application loadbalancers and i’m pretty of new to it. I understand that using managed rules for the ACL can be very beneficial so I chose to use F5 ACL rule . Unfortunately, after reading the AWS Pulumi code carefully I couldn’t find any way to use managed rules as part of my Pulumi code. Am I missing something ? Have anyone used managed rules as part of the Pulumi code ? Thanks guys !

steep-winter-68060

08/17/2022, 5:49 PM

Hi all! Is it possible to set up a serverless MSK cluster with Pulumi?

victorious-dusk-75271

08/18/2022, 12:52 AM

can anyone from pulumi check this please? https://github.com/pulumi/pulumi-eks/issues/762

victorious-dusk-75271

08/18/2022, 7:32 AM

it is sad that

@pulumi/eks

is not usable. I am struggling with it since yesterday. here is for example, its adds labels on fresh stack then running up again wants to remove the labels.

Copy code

++kubernetes:core/v1:ConfigMap: (create-replacement)
                [id=kube-system/aws-auth]
                [urn=urn:pulumi:dev::allrites-infrastructure::custom:resource:eks$eks:index:Cluster$kubernetes:core/v1:ConfigMap::primary-eks-eks-cluster-nodeAccess]
                [provider: urn:pulumi:dev::allrites-infrastructure::custom:resource:eks$eks:index:Cluster$pulumi:providers:kubernetes::primary-eks-eks-cluster-eks-k8s::586e6654-9fcb-4908-9f46-53b23ae4c5c8 => urn:pulumi:dev::allrites-infrastructure::custom:resource:eks$eks:index:Cluster$pulumi:providers:kubernetes::primary-eks-eks-cluster-eks-k8s::output<string>]
              ~ metadata  : {
                  - labels   : {
                      - <http://app.kubernetes.io/managed-by|app.kubernetes.io/managed-by>: "pulumi"
                    }
                }
            +-kubernetes:core/v1:ConfigMap: (replace)
                [id=kube-system/aws-auth]
                [urn=urn:pulumi:dev::allrites-infrastructure::custom:resource:eks$eks:index:Cluster$kubernetes:core/v1:ConfigMap::primary-eks-eks-cluster-nodeAccess]
                [provider: urn:pulumi:dev::allrites-infrastructure::custom:resource:eks$eks:index:Cluster$pulumi:providers:kubernetes::primary-eks-eks-cluster-eks-k8s::586e6654-9fcb-4908-9f46-53b23ae4c5c8 => urn:pulumi:dev::allrites-infrastructure::custom:resource:eks$eks:index:Cluster$pulumi:providers:kubernetes::primary-eks-eks-cluster-eks-k8s::output<string>]
              ~ metadata  : {
                  - labels   : {
                      - <http://app.kubernetes.io/managed-by|app.kubernetes.io/managed-by>: "pulumi"
                    }
                }

strong-helmet-83704

08/18/2022, 8:09 PM

Is there any way to have Pulumi capture the output of UserData code which runs on instance boot?

bitter-kite-21926

08/18/2022, 8:59 PM

Hi all. I have infrastructure separated into

common

(where i create eks cluster and nodepool and shared things else) and per-project infrastructure (lives with code and has services/deployments/etc). How do i specify in the per-project infrastructure which eks cluster to deploy to? i have aws:profile specified in the stack yaml, but it looks that pulumi ignores it and deploys to current kubectl context.

brainy-furniture-37509

08/19/2022, 6:42 AM

Hi my cloudwatch eventRule is getting
InvalidEventPatternException: Event pattern is not valid. Reason: Match value must be String, number, true, false, or null
while trying to use below pattern. Is content filtering unavailable? Oops, false alarm.

family

was array silly

Copy code

eventPattern: JSON.stringify({
                'source': ['aws.ecs'],
                'detail-type': ['ECS Task State Change'],
                'detail': {
                  'group': [family],
                  'lastStatus': ['STOPPED'],
                  'stoppedReason': ['Essential container in task exited'],
                  'containers': {'exitCode': [{'anything-but': 0}]}
                }
              })

ambitious-father-68746

08/19/2022, 11:13 AM

Hi, after upgrading to pulumi-aws 5.11.0 I'm getting an error everytime I specify resource options on a resource. This works:

Copy code

aws.get_availability_zones()

This breaks:

Copy code

aws.get_availability_zones(
    opts=pulumi.ResourceOptions(),
)

The error is:

Copy code

File "/tmp/tmp.T1ec9S84a7/pulumi/venv/lib64/python3.10/site-packages/pulumi_aws/get_availability_zones.py", line 202, in get_availability_zones
        opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
      File "/tmp/tmp.T1ec9S84a7/pulumi/venv/lib64/python3.10/site-packages/pulumi/invoke.py", line 115, in merge
        raise TypeError("Expected opts2 to be a InvokeOptions instance")
    TypeError: Expected opts2 to be a InvokeOptions instance

Anyone else seeing the same thing? 5.10.0 works fine.

stocky-petabyte-29883

08/20/2022, 2:32 PM

Hi I created an aws aurora cluster inside a vpc, I have a script that I am running using pulumi remote command, which is running a sql script against the previously created instance. The remote command depends on a different resource, which inturn depends on the aurora cluster. However the script are still getting executed before the clusters in the instance are fully provisioned and I get an error back that the host is unknown, how can I prevent this?